| draft-ietf-i2nsf-sdn-ipsec-flow-protection-10.txt | draft-ietf-i2nsf-sdn-ipsec-flow-protection-11.txt | |||
|---|---|---|---|---|
| I2NSF R. Marin-Lopez | I2NSF R. Marin-Lopez | |||
| Internet-Draft G. Lopez-Millan | Internet-Draft G. Lopez-Millan | |||
| Intended status: Standards Track University of Murcia | Intended status: Standards Track University of Murcia | |||
| Expires: April 24, 2021 F. Pereniguez-Garcia | Expires: April 25, 2021 F. Pereniguez-Garcia | |||
| University Defense Center | University Defense Center | |||
| October 21, 2020 | October 22, 2020 | |||
| Software-Defined Networking (SDN)-based IPsec Flow Protection | Software-Defined Networking (SDN)-based IPsec Flow Protection | |||
| draft-ietf-i2nsf-sdn-ipsec-flow-protection-10 | draft-ietf-i2nsf-sdn-ipsec-flow-protection-11 | |||
| Abstract | Abstract | |||
| This document describes how to provide IPsec-based flow protection | This document describes how to provide IPsec-based flow protection | |||
| (integrity and confidentiality) by means of an Interface to Network | (integrity and confidentiality) by means of an Interface to Network | |||
| Security Function (I2NSF) controller. It considers two main well- | Security Function (I2NSF) controller. It considers two main well- | |||
| known scenarios in IPsec: (i) gateway-to-gateway and (ii) host-to- | known scenarios in IPsec: (i) gateway-to-gateway and (ii) host-to- | |||
| host. The service described in this document allows the | host. The service described in this document allows the | |||
| configuration and monitoring of IPsec Security Associations (SAs) | configuration and monitoring of IPsec Security Associations (SAs) | |||
| from a I2NSF Controller to one or several flow-based Network Security | from a I2NSF Controller to one or several flow-based Network Security | |||
| skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 24, 2021. | This Internet-Draft will expire on April 25, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 31, line 15 ¶ | skipping to change at page 31, line 15 ¶ | |||
| Appendix A. Common YANG model for IKE and IKE-less cases | Appendix A. Common YANG model for IKE and IKE-less cases | |||
| This Appendix is Normative. | This Appendix is Normative. | |||
| This YANG module has normative references to [RFC3947], [RFC4301], | This YANG module has normative references to [RFC3947], [RFC4301], | |||
| [RFC4303], [RFC8174], [RFC8221] and [IKEv2-Parameters]. | [RFC4303], [RFC8174], [RFC8221] and [IKEv2-Parameters]. | |||
| This YANG module has informative references to [RFC3948] and | This YANG module has informative references to [RFC3948] and | |||
| [RFC8229]. | [RFC8229]. | |||
| <CODE BEGINS> file "ietf-i2nsf-ikec@2020-10-21.yang" | <CODE BEGINS> file "ietf-i2nsf-ikec@2020-10-22.yang" | |||
| module ietf-i2nsf-ikec { | module ietf-i2nsf-ikec { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec"; | namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec"; | |||
| prefix "nsfikec"; | prefix "nsfikec"; | |||
| import ietf-inet-types { | import ietf-inet-types { | |||
| prefix inet; | prefix inet; | |||
| reference "RFC 6991: Common YANG Data Types"; | reference "RFC 6991: Common YANG Data Types"; | |||
| } | } | |||
| skipping to change at page 32, line 24 ¶ | skipping to change at page 32, line 24 ¶ | |||
| This version of this YANG module is part of RFC XXXX;; | This version of this YANG module is part of RFC XXXX;; | |||
| see the RFC itself for full legal notices. | see the RFC itself for full legal notices. | |||
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', | |||
| 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | |||
| 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this | 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this | |||
| document are to be interpreted as described in BCP 14 | document are to be interpreted as described in BCP 14 | |||
| (RFC 2119) (RFC 8174) when, and only when, they appear | (RFC 2119) (RFC 8174) when, and only when, they appear | |||
| in all capitals, as shown here."; | in all capitals, as shown here."; | |||
| revision "2020-10-21" { | revision "2020-10-22" { | |||
| description "Initial version."; | description "Initial version."; | |||
| reference "RFC XXXX: Software-Defined Networking | reference "RFC XXXX: Software-Defined Networking | |||
| (SDN)-based IPsec Flow Protection."; | (SDN)-based IPsec Flow Protection."; | |||
| } | } | |||
| typedef encryption-algorithm-type { | typedef encryption-algorithm-type { | |||
| type uint16; | type uint16; | |||
| description | description | |||
| "The encryption algorithm is specified with a 16-bit | "The encryption algorithm is specified with a 16-bit | |||
| number extracted from IANA Registry. The acceptable | number extracted from IANA Registry. The acceptable | |||
| skipping to change at page 46, line 16 ¶ | skipping to change at page 46, line 16 ¶ | |||
| This Appendix is Normative. | This Appendix is Normative. | |||
| This YANG module has normative references to [RFC2247], [RFC5280], | This YANG module has normative references to [RFC2247], [RFC5280], | |||
| [RFC4301], [RFC5280], [RFC5915], [RFC6991], [RFC7296], [RFC7383], | [RFC4301], [RFC5280], [RFC5915], [RFC6991], [RFC7296], [RFC7383], | |||
| [RFC7427], [RFC7619], [RFC8017], [RFC8174], [RFC8341], [ITU-T.X.690], | [RFC7427], [RFC7619], [RFC8017], [RFC8174], [RFC8341], [ITU-T.X.690], | |||
| [I-D.draft-ietf-netconf-crypto-types] and [IKEv2-Parameters]. | [I-D.draft-ietf-netconf-crypto-types] and [IKEv2-Parameters]. | |||
| This YANG module has informative references to [RFC8229]. | This YANG module has informative references to [RFC8229]. | |||
| <CODE BEGINS> file "ietf-i2nsf-ike@2020-10-21.yang" | <CODE BEGINS> file "ietf-i2nsf-ike@2020-10-22.yang" | |||
| module ietf-i2nsf-ike { | module ietf-i2nsf-ike { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike"; | namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike"; | |||
| prefix "nsfike"; | prefix "nsfike"; | |||
| import ietf-inet-types { | import ietf-inet-types { | |||
| prefix inet; | prefix inet; | |||
| reference "RFC 6991: Common YANG Data Types"; | reference "RFC 6991: Common YANG Data Types"; | |||
| } | } | |||
| skipping to change at page 47, line 49 ¶ | skipping to change at page 47, line 49 ¶ | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX; see | |||
| the RFC itself for full legal notices. | the RFC itself for full legal notices. | |||
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', | |||
| 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | |||
| 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this | 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this | |||
| document are to be interpreted as described in BCP 14 | document are to be interpreted as described in BCP 14 | |||
| (RFC 2119) (RFC 8174) when, and only when, they appear | (RFC 2119) (RFC 8174) when, and only when, they appear | |||
| in all capitals, as shown here."; | in all capitals, as shown here."; | |||
| revision "2020-10-21" { | revision "2020-10-22" { | |||
| description "Initial version."; | description "Initial version."; | |||
| reference "RFC XXXX: Software-Defined Networking | reference "RFC XXXX: Software-Defined Networking | |||
| (SDN)-based IPsec Flow Protection."; | (SDN)-based IPsec Flow Protection."; | |||
| } | } | |||
| typedef ike-spi { | typedef ike-spi { | |||
| type uint64 { range "0..max"; } | type uint64 { range "0..max"; } | |||
| description | description | |||
| "Security Parameter Index (SPI)'s IKE SA."; | "Security Parameter Index (SPI)'s IKE SA."; | |||
| skipping to change at page 65, line 34 ¶ | skipping to change at page 65, line 34 ¶ | |||
| <CODE ENDS> | <CODE ENDS> | |||
| Appendix C. YANG model for IKE-less case | Appendix C. YANG model for IKE-less case | |||
| This Appendix is Normative. | This Appendix is Normative. | |||
| This YANG module has normative references to [RFC4301], [RFC6991], | This YANG module has normative references to [RFC4301], [RFC6991], | |||
| [RFC8174] and [RFC8341]. | [RFC8174] and [RFC8341]. | |||
| <CODE BEGINS> file "ietf-i2nsf-ikeless@2020-10-21.yang" | <CODE BEGINS> file "ietf-i2nsf-ikeless@2020-10-22.yang" | |||
| module ietf-i2nsf-ikeless { | module ietf-i2nsf-ikeless { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"; | namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"; | |||
| prefix "nsfikels"; | prefix "nsfikels"; | |||
| import ietf-yang-types { | import ietf-yang-types { | |||
| prefix yang; | prefix yang; | |||
| skipping to change at page 67, line 9 ¶ | skipping to change at page 67, line 9 ¶ | |||
| This version of this YANG module is part of RFC XXXX;; | This version of this YANG module is part of RFC XXXX;; | |||
| see the RFC itself for full legal notices. | see the RFC itself for full legal notices. | |||
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', | |||
| 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | |||
| 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this | 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this | |||
| document are to be interpreted as described in BCP 14 | document are to be interpreted as described in BCP 14 | |||
| (RFC 2119) (RFC 8174) when, and only when, they appear | (RFC 2119) (RFC 8174) when, and only when, they appear | |||
| in all capitals, as shown here."; | in all capitals, as shown here."; | |||
| revision "2020-10-21" { | revision "2020-10-22" { | |||
| description "Initial version."; | description "Initial version."; | |||
| reference "RFC XXXX: Software-Defined Networking | reference "RFC XXXX: Software-Defined Networking | |||
| (SDN)-based IPsec Flow Protection."; | (SDN)-based IPsec Flow Protection."; | |||
| } | } | |||
| feature ikeless-notification { | feature ikeless-notification { | |||
| description | description | |||
| "To ensure broader applicability of this module, | "This feature indicates that the server supports | |||
| generating notifications in the ikeless module. | ||||
| To ensure broader applicability of this module, | ||||
| the notifications are marked as a feature. | the notifications are marked as a feature. | |||
| For the implementation of ikeless case, | For the implementation of ikeless case, | |||
| the NSF is expected to implement this | the NSF is expected to implement this | |||
| feature."; | feature."; | |||
| } | } | |||
| container ipsec-ikeless { | container ipsec-ikeless { | |||
| description | description | |||
| "Container for configuration of the IKE-less | "Container for configuration of the IKE-less | |||
| case. The container contains two additional | case. The container contains two additional | |||
| End of changes. 11 change blocks. | ||||
| 11 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||